A Novel Multi Algorithm Approach to Identify Network Anomalies in the IoT Using Fog Computing and a Model to Distinguish between IoT and Non-IoT Devices

Botnet attacks, such as DDoS, are one of the most common types of attacks in IoT networks. A botnet is a collection of cooperated computing machines or Internet of Things gadgets that criminal users manage remotely. Several strategies have been developed to reduce anomalies in IoT networks, such as...

Full description

Saved in:
Bibliographic Details
Published inJournal of sensor and actuator networks Vol. 12; no. 2; p. 19
Main Authors Alzahrani, Rami J., Alzahrani, Ahmed
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 01.04.2023
Subjects
Accuracy
Algorithms
Analysis
Anomalies
anomaly mitigation
classification algorithms
Cloud computing
Computer centers
Cybersecurity
Denial of service attacks
Detectors
Edge computing
Energy consumption
fog computing
Internet of Things
internet of things (IoT)
intrusion detection system (IDS)
Machine learning
Networks
Security software
Statistical analysis
Statistical methods
Traffic flow
Online AccessGet full text

Cover

More Information
Summary:Botnet attacks, such as DDoS, are one of the most common types of attacks in IoT networks. A botnet is a collection of cooperated computing machines or Internet of Things gadgets that criminal users manage remotely. Several strategies have been developed to reduce anomalies in IoT networks, such as DDoS. To increase the accuracy of the anomaly mitigation system and lower the false positive rate (FPR), some schemes use statistical or machine learning methodologies in the anomaly-based intrusion detection system (IDS) to mitigate an attack. Despite the proposed anomaly mitigation techniques, the mitigation of DDoS attacks in IoT networks remains a concern. Because of the similarity between DDoS and normal network flows, leading to problems such as a high FPR, low accuracy, and a low detection rate, the majority of anomaly mitigation methods fail. Furthermore, the limited resources in IoT devices make it difficult to implement anomaly mitigation techniques. In this paper, an efficient anomaly mitigation system has been developed for the IoT network through the design and implementation of a DDoS attack detection system that uses a statistical method that combines three algorithms: exponentially weighted moving average (EWMA), K-nearest neighbors (KNN), and the cumulative sum algorithm (CUSUM). The integration of fog computing with the Internet of Things has created an effective framework for implementing an anomaly mitigation strategy to address security issues such as botnet threats. The proposed module was evaluated using the Bot-IoT dataset. From the results, we conclude that our model has achieved a high accuracy (99.00%) with a low false positive rate (FPR). We have also achieved good results in distinguishing between IoT and non-IoT devices, which will help networking teams make the distinction as well.
ISSN:2224-2708
2224-2708
DOI:10.3390/jsan12020019